Malware protection requires a careful balance between different technologies across networks and endpoints. Different technologies protect against different types of attacks and apply to different attack phases. This session discusses malware protection components and their effectiveness to protect against less and more sophisticated malware.
Identifying the core features to call out to a potential managed security service provider (MSSP) when scoping the need for an outsourced service is critical for a successful engagement. This session will provide practical examples of how to establish effective requirements and use cases before engaging providers: • What are the key service performance metrics to insist on from an MSSP? • How can you define service customization requirements to ensure additional service charges are managed? • How can you align internal processes with the providers' outputs?
This presentation tells the current story of cloud security, providing an overview of the unique risks of the various forms of public cloud computing, so that the security professional can help the rest of their organization fully understand and address cloud risks. The unique security challenges of IaaS and SaaS are discussed, and viewers are provided with a summary of current- and near-term products and practices that can be used to monitor and control the use of public cloud computing.
Testing the security of networks via penetration tests is not a new concept, but many still struggle to obtain value from those exercises. Red teams are also adding to that challenge as organizations try to understand the differences and when that practice makes sense. This session will discuss: • What are the differences between vulnerability assessments, penetration tests and red team exercises and how can you benefit from them?
Enterprises have had a wake-up call over the last few years as their data assets have been increasingly plundered, with increasing financial liabilities. Users need access to data to do their jobs, but not all data. Data-centric audit and protection tools must be applied to detect potential malicious activity before it results in a breach.
This session will explore specific hardening, isolation and segmentation strategies as a "return to basics" foundation for information security. These strategies are especially useful for emerging microservices and container-based architectures, IoT, OT as well as out of support or unpatchable systems. • What hardening, isolation and segmentation strategies are available to you?
This session will give you and your peers an opportunity to ask questions about endpoint security. Typical questions that might be asked include: What Microsoft security tools could we use? Do other companies have more than one endpoint protection vendor? How do other companies address BYOD devices?
This session will give you and your peers from midsize enterprises an opportunity to ask questions about security monitoring options. Typical questions that might be asked include: How do I get started, or maturing, a security monitoring capability? What is the role of services providers and how best do I leverage them? What technologies do I need to consider?
The GDPR ups the ante and tilts the business case for compliance as of 2018. Typical questions that might be asked in this "Ask the Analyst" session include: How can I take a holistic view on the entire data life cycle? How do I make difficult decisions with regards to what security controls to apply? Who do I collaborate with? What should I mind when entering into a processing agreement?
The European Union's General Data Protection Regulation (GDPR) is now in effect. Global organizations with European-based employees need to understand exactly what this legislation means for them, especially with regard to employee devices such as smartphones and tablets. This session covers: What are the implications of how GDPR impacts mobile and wearable technologies? How can you become compliant?
Endpoint protection has always been a "sticky" solution. Once deployed, it can be difficult to switch, and some Gartner clients feel stuck with their endpoint vendor — that the effort to replace an incumbent is too great. With cloud-based deployment and management becoming the new normal, the process to replace your existing endpoint agents can be straightforward. This session gives you an opportunity to ask about the risks and common pitfalls that you need to plan for.
Security information and event management (SIEM) technologies have been around for almost two decades, and have evolved and adapted as use cases and the external landscape have changed over time. SIEM tools are far from dead, but change is happening. This session will discuss: • How are SIEM technologies evolving? • What does the future of SIEM solutions look like?
When it comes to the threat landscape, it can be challenging to understand how you should act to protect your business. This session presents a methodology to help organizations understand what really matters when looking at the latest threats. Key topics discussed include: • What defines a cyberthreat and the importance of understanding risk • What threat trends should you be aware of? • What should you do now to address these threats?
Digital identities for both humans and devices are growing at an exponential rate. This session will give you an opportunity to ask questions such as: What implications does this have on governments and their IAM programs, and how will this impact both government-employee and government-citizen dynamics? How will emerging technologies such as blockchain impact government digital identity? The session starts with some common trends in IAM, and focuses on what matters most to governments.
CASB is now being deployed by organizations large and small. This session gives you an opportunity to ask questions about the features, the successful use cases and the requirements needed to make your CASB deployment a successful one.
Security orchestration, automation and response (SOAR) tools have been growing in popularity as organizations try to introduce automation in their security operations practices. This session defines this emerging technology and presents emerging deployment and operations practices. This session will discuss: • What is SOAR and do I need it? Who does? • How are organizations using SOAR tools? • What are the best practices in deployment and use of SOAR tools?
Cloud is not just a synonym for the internet but a whole new way to energize your career. Tired of racking and stacking and patching? Bored with consoles and control panels? Then attend this session. Cloud security upends traditional notions of protecting systems and data. Aspects of cloud security require dabbling in adjacent IT disciplines. Come learn how to develop cloud security skills for yourself and for your organization.
No one can escape the wave of artificial intelligence marketing. The promise of increased security and better automation is appealing to security leaders, but sets the wrong expectations. Being too optimistic about artificial intelligence's impact could hurt the security organization. This session will provide an answer to important questions such as: • What should security leaders know about artificial intelligence? • What are the expected impacts on security and risk management? • Should security leaders search for a new job because they will be replaced with robots?
In this session, you will have the chance to ask questions on the topic of mobile security. Typical questions are: Are Android devices secure enough for enterprise use? What is the status with BYOD and how do enterprises secure it? Do we need mobile threat defense for mobile devices? Do we need a container for our email client?
Every year, Microsoft releases new security features for Office 365. Come learn about all the existing and new Office 365 security features built into the different licensing models. We will discuss all the three-letter acronyms (TLAs) of the security features available within Office 365 as well as the third-party solutions.
Data security in public cloud services is the responsibility of the customer. Encryption and key management as a service products provide critical choices as part of a data security strategy, but the product options need careful review and selection. Typical questions that might be asked here include: Why should I care about encrypting data in a public cloud service platform? Should I use the "Bring Your Own Key" security option from my chosen cloud service provider?
Threat hunting (TH) is very hot, but very few organizations actually do it. Attend this session to learn the basics of practical hunting and how to start your TH effort. Key issues covered in this session: • What is TH? • How do you incorporate TH into your SOC processes? • How do you develop a basic TH capability? • Where do you get ideas on what to hunt for? • How do you measure TH successes?
For years, the rumors of passwords' death have been greatly exaggerated. They are the zombies of the authentication world: Clumsy, slow and feeding on our brains. But two technologies combine that can finally lay passwords to rest. (Bonus: They can also eliminate the need for any kind of tokens in some use cases). Key issues: • What should "passwordless" authentication really look like? • What combination of technologies can yield truly "passwordless" authentication? • What are the major barriers to adoption and how can you overcome them?
Organizations are increasingly purchasing SIEM tools to help them address threat detection and compliance concerns, but even with the use of third-party services running the tool, buyers are frustrated with the overall result. This session will give you an opportunity to ask questions about when purchasing a SIEM tool is appropriate, and what options are being adopted that may lead to better outcomes.
This session will give you a chance to ask questions about planning approaches, challenges, pitfalls and the first steps taken in developing threat detection and response capabilities. Participants should bring their experiences on the initial phases of their threat detection and response capabilities.
Many organizations are relying on managed security services, and managed detection and response to improve their security posture. The value of such services, however, is directly related to how the relationship with the vendor is managed. This session will give you the opportunity to ask about the best practices and eventual pitfalls when hiring and utilizing Managed Security Services and Managed Detection and Response services. Typical questions that may be asked include: • When does it make sense to rely on security service providers for threat detection and response? • How to decide between MSS and in-house? • What are the common failure scenarios for each model? • What are the best practices to manage the relationship with the service provider?
Hybrid cloud will be the reality for the vast majority of enterprises for at least the next five years. Rather than create silos of security tools and processes for on-premises infrastructure and cloud services, we recommend a strategy for a "single pane of glass" for visibility and control of hybrid cloud infrastructures. This presentation will explore technologies and processes to make this possible including cloud workload protection platforms and security configuration assessments.
We can't prevent all threats, but it doesn't mean people working on security monitoring and operations can't start detecting and responding. This session gives you a chance to ask questions such as: How do you do it without breaking the bank? How should you start with detection and response? What are the basic tools to start with? What are the basic processes to get right?
In line with the trend of Office 365 adoption, a large number of midsize enterprises are considering Microsoft's native security and IAM offerings such as Exchange Online Protection, Advanced Threat Protection, Azure Active Directory, Azure Information Protection and Microsoft Intune. Which of these are you using successfully? What challenges have you encountered? Where have you found the need to supplement or supplant these capabilities with a non-Microsoft product? Join us for a peer-driven discussion to address these and any other questions you may have.
Most prevention techniques rely on having seen the attack before and fail for evasive attacks. Detection techniques rely on reuse of techniques/tactics or anomalous behavior and fail for highly evasive attacks. This session analyzes five core security patterns that security architects can use to protect against highly evasive threats, without relying on detection.
Gartner has seen an increased interest in virtual CISO offerings from organizations in unregulated industries, with smaller digital business footprints, and small and midsize enterprises. Are you a good candidate for a vCISO? This session gives you a chance to ask questions about what you can and should expect from these new service offerings.
The endpoint protection market is moving fast. Many vendors, old and new, provide similar-sounding capabilities, and Gartner clients often don't know where to start when evaluating the current state of their protection against replacement products. In this session, Gartner's lead endpoint protection analyst Ian McShane will discuss: • The state of the endpoint protection market • The current trends and best practices • Future areas of innovation that all organizations should plan for
Cloud access security broker (CASB) is the new Swiss Army knife for the cloud. Join this session to understand the different use cases this new four-letter word will help secure in your cloud services. CASB is to SaaS as the firewall is to corpnet. Learn how to take advantage of CASBs as your business continues to migrate more services to the cloud. We will discuss the different use cases and best practices on how to deploy CASB.
You are launching a new app for commercial app stores. You need to deploy and manage internal apps to your workforce but also make them available to external contractors. You need to mobilize your legacy apps securely. How do you go about your mobile application security? In this session, we will discuss the best approaches as well as the most interesting technologies to address mobile application security.
In this session, we’ll discuss the state of artificial intelligence usage in security. Typical questions that may be asked include: What is the state of artificial intelligence in cybersecurity? Should I use products claiming to leverage artificial intelligence? Do organizations using AI actually improve their security posture?
Midsize enterprises (MSEs) focus their security budgets on preventative security technologies, leaving them exposed as external threats are increasingly able to get past those controls. This session will help MSE organizations understand the need for detection and response capabilities and how to utilize them through the right combination of people, processes, technologies and services.
Security and risk management leaders must develop strong incident response (IR) capabilities where personally identifiable information (PII) is compromised. This workshop will use a scenario that highlights the impact of cross-border data flows and privacy management to help validate IR capabilities.
Threat simulation tools may be the newest tool in your security toolkit. Join us and learn about the novel security tool category — threat simulation tools, and how to use these to test and improve your security. This session will discuss: • What are these tools and how can you benefit from them?
By 2020, 60% of large enterprises will use a CASB to govern cloud services, up from less than 10% today. There's a good reason for this expected jump in adoption. Cloud access security brokers have become an essential element of any cloud security strategy, helping organizations govern the use of cloud and protect sensitive data in the cloud. Attend this session to help you align CASB vendors to address specific use-case requirements.
Moving Authentication and Access Management (AM) to the Cloud. As enterprises embrace cloud computing, interest in adopting cloud-delivered IAM capabilities increases. But is IAM as a service (IDaaS) a viable model? This session gives you an opportunity to ask questions such as: Can it support hybrid (cloud and on-premises) business application architectures? Can AM vendors' authentication capabilities displace incumbent tools, or is there still a need for standalone authentication solutions?
The increased agility offered by a bimodal capability does not have to mean "less secure." This session will give you and your peers an opportunity to ask questions about bimodal risk and security governance in a bimodal world. Typical questions that might be asked in this session include: • What is bimodal, and why does it impact security? • How does bimodal impact risk? • What are the budget and skills implications?
Risk management continues to be an area of growing maturity and investment for most organizations, as the risk landscape becomes increasingly complex and interconnected. As a result, new technology solutions are emerging to increase the collaborative nature of risk management to support data-driven decision making, both within and external to an organization. This session explores how integrated risk management (IRM) will help improve risk management practices.
Join peers from midsize enterprises to discuss challenges, best practices, and experiences around how they manage risk as risk management becomes ever more complex due to digital business.
Transition to cloud can unfold a parallel project of managing compliance in a new ecosystem which may be a combination of SaaS, on-premises, and privately hosted workloads. Partner, customer, and supplier connections and application integrations further complicate the implementation of compliance mandates. Learn about resetting goals and redefining the scope of assessments supporting risk management and compliance initiatives.
Compliance may be a mature discipline, but Gartner still sees a lot of organizations struggle. Tools can help, but sometimes they make things worse. This session gives you an opportunity to ask questions about how you can mature and improve your compliance management programs and how you can leverage tooling investments to implement continuous improvement.
After ample preparation time in anticipation of the GDPR, Gartner has observed a few misconceptions on privacy as well as a number of key functions for a mature privacy management program. We will address the lessons learned and the necessary capabilities to protect privacy, including the role of security, program ownership, and what the market is, and should be, doing.
This presentation will discuss the current and future state of organizational resilience across multiple management disciplines including business continuity management, information security and more. Using the five layers of culture, people, process and infrastructure, we will address the role of the chief risk/strategy officer and present a framework for developing a business/organizational resilience program in the organization.
As more and more digital services are offered using a cloud model, Gartner clients are finding it frustrating to assess their security and regulatory appropriateness. How certain can you be that a cloud service provider is "secure"? This session will provide you with the opportunity to ask questions about the most practical way to evaluate cloud service provider risks.
IRM's key to success is the ability to provide a vertically integrated view of risk, starting with an organization's strategy, through to its business operations and ultimately into the enabling technology assets. This integration can be even more successful when IRM extends into markets such as business intelligence and analytics as well as security orchestration, automation and response (SOAR). Learn how IRM fits into this broader business risk solution stack.
Assessing risks well is imperative for organizations moving aggressively to leverage digital business tools and techniques in the safest, most secure and efficient manner possible. This presentation explores the best steps organizations can take to choose the appropriate risk-assessment process for their needs.
This Ask the Analyst session will provide an opportunity to ask questions about how to approach recovery tiering for business and IT processes.
Digital business transformation has brought about a new set of risks — digital risk. The digital risk management (DRM) solution market has emerged to help organizations integrate the management of risks associated with digital business components, such as cloud, mobile, social, big data, third-party technology, and OT/IoT. This session will provide an overview of the DRM solution market and how organizations should manage digital risks.
Join us for this introduction to the CISO Circle program. We'll give you an overview of what to expect over the next two days and give you a chance to meet your fellow CISOs. Paul Proctor will lead a discussion on security program readiness and investment.
Constant change in the threat landscape and compliance requirements present daily challenges that can feel overwhelming. Scaling security when facing a fast-paced IT innovation landscape involves choices, often at the expense of building trust and resilience. Three key questions drive strong decision making: What's important, what's dangerous and what's real? This session presents scenarios to demonstrate that ruthless prioritization in the answers helps us cut through the noise and enables action that changes our outlook from overwhelmed to empowered.
Digital business challenges the conventions of digital risk and security management. Security and risk management leaders must develop a coherent digital security program based on a clear vision and strategy. This presentation will address: What constitutes an effective vision and strategy? What are the elements of a digital security program? What are the drivers shaping strategy in 2018?
Mobilizing a security champion program gives security and risk management leaders a geographically and organizationally dispersed team of knowledgeable employees whose focus is to reinforce key security messages and enable long-term behavior change, ultimately driving a more security-aware culture. This session will focus on how to: (1) Get executive support for the security champion program by aligning the overall program objectives directly with company objectives; (2) Build a network of champions that is inclusive of all roles and geographies across the enterprise; (3) Present to candidates the role of a champion as a developmental opportunity and integrate it into performance development plans and (4) Allow champions to take creative liberties with the content to better suit their audiences.
IoT devices generate a huge amount of data, which may include sensitive personal data. As regulations and awareness of privacy increase, security leaders require a consistent approach with data security and privacy. This session examines: What are the concerns with IoT security? What are the legal implications of regional privacy laws such as GDPR? What approaches should be considered when embarking on IoT initiatives?
You've heard the keynote, now meet the keynote speaker! This is your opportunity to speak to Keren Elezari, security researcher, author and strategic analyst, and to discuss the issues that she raised during her keynote presentation with your peers.
The foundation of a mature security function that can offer defined levels of protection at defined cost is a business-centric service catalog. Writing business-centric value statements for risk and security is both challenging and informative. This workshop will help you understand exactly what security does for your organization.
This presentation will outline ongoing changes in security operations/policy/organization, technical migrations, shifts in security mindsets, societal changes, and modifications in adversarial tactics that CISOs and their direct reports should monitor. Attendees will learn strategic changes that aren't yet widely recognized but will have broad industry impact and significant potential for disruption. Through 2022, technologies related to these trends will reach a level of maturity that crosses a critical tipping point.
In 2017, Gartner introduced a strategic approach for information security called continuous adaptive risk and trust assessment (CARTA). As a new charter for information security, CARTA embraces the reality of securing a world where our digital business capabilities are accessed anywhere, by anyone from any device and where attackers continue to innovate. This session will explore the significant changes to security organizations and infrastructure required by CARTA.
This session gives you and your peers an opportunity to ask questions and discuss issues surrounding diversity in security and risk management. Diversity matters — for innovation, for product development, for revenue/profits, for meeting future workforce demands, and for closing economic and wealth gaps. Join this session to discuss how you can tackle this important issue.
Facing your board of directors and describing the risks digital business brings to the organization isn't easy. This CISO circle workshop explores techniques and approaches organizations can use to describe the digital risks faced, the steps the company is taking to mitigate them, and the metrics that can be used to measure progress.
CISOs are called on to fill the twin roles of operational expert and strategic planner. Many CISOs struggle when developing a strategy because they have not been exposed to this process. A few pragmatic steps can help ensure that your strategy is useful. This session will address the following: • What are the elements that you must consider? • What pragmatic steps can you take during its development to ensure success? • What safeguards do you need to support successful execution?
Security and risk management leaders struggle to hire and retain staff with the right skills, especially in the age of digital business. We discuss the outlook for security talent in digital businesses. Key issues will include: What do organizations do to confront this shortage? What can you do to ensure your team's skill sets are developed for a digital world? What does the future of talent look like with technologies such as AI/ML, blockchain, IoT looming?
Digital business projects don't lend themselves to conventional security architecture practices. Security and risk management must adopt a bimodal approach to security architecture. This presentation will discuss: What is security architecture? What are the best practices for security architecture in digital business?
This presentation outlines the top 10 security projects for 2018, based on a number of criteria: The emerging technologies that support the project are not yet mainstream; the project helps deliver against the continuous adaptive risk and trust assessment (CARTA) approach; and the project has high risk reduction versus resources required as compared to alternatives. Attend this session to get ideas and justification for specific 2018 security projects.
Come join us for a discussion of four recent high-profile breaches. How did they happen? What was the company response? What worked and what didn't? What should we have learned from the breach?
Security organization is a common concern. To whom should the CISO report? Do I split management and operations? Should I outsource? Should I bring security back in? How do we adjust to bimodal? Should ITOps be part of security ops or vice-versa? Join us for a convivial discussion in which we talk about these questions.
Using the Senate Testimony of former Equifax CEO Richard Smith, Gartner presents a timeline of events and a current analysis of factors that put senior non-IT executives at risk following a cybersecurity event. Learn how defensibility and corporate culture are key attributes when developing a cybersecurity program that balances the needs to protect with the needs to run your business.
It is now common practice for a board of directors to require periodic reporting and event-based updates on the state of IT risk and information security. Risk and security leaders must provide board-relevant and business-aligned content. This presentation discusses what you need to present. Key Issues: • What is the role of the board and what do they care about? • What content do you need to cover? • How should you present this content?
In this workshop, we look at how you can boost your communication skills and get your message across more effectively. Taking lessons from giants of the IT industry including Steve Jobs, John Chambers and Steve Ballmer, this is a highly interactive session. With video clips and plenty of exercises, this workshop is hands-on with lots of group participation. How do you communicate the value of your security and risk management initiatives? How do you get the business to listen to you more? How do you "sell" the benefits of your customer programs to your internal customers across the organization?
Blockchain has become a much-hyped technology. As such, security and risk leaders must understand what this technology is and isn't. This session aims to provide a "blockchain 101" presentation and answers to some common questions about this new technology. Is blockchain the next new best thing? What are the implications of blockchain for security and risk management leaders? What's hype versus reality?
Governance is about getting business stakeholders to be accountable for risk decisions. Understanding your organization's risk appetite is at the core of establishing proper accountability for managing risk. The only way to make that work is to understand, or more accurately help them understand, what their appetite for accepting risk is. In other words, how much risk are THEY willing to accept?
The 2018 CIO Agenda highlights the changing role of the CIO. Security and risk management leaders must understand CIO priorities and adjust strategy and messaging accordingly. Key issues: • What are the main elements of the 2018 CIO agenda? • What are their implications for security and risk management leaders? • What must security and risk management leaders do in response?
Good security policy is a fundamental component of a sound information security posture, but security and risk management leaders may struggle to write effective policy documents, resulting in inflexible policies that can do more harm than good. This session examines: What are the five biggest mistakes made? How can you avoid these common mistakes and improve your policy?
Closing remarks from the conference chair, Jeremy D'Hoinne